Vulnerability Description
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sql Server | 7.0 |
References
- http://marc.info/?l=bugtraq&m=100891252317406&w=2
- http://www.atstake.com/research/advisories/2001/a122001-1.txtPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/700575US Government Resource
- http://www.securityfocus.com/bid/3733PatchVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=100891252317406&w=2
- http://www.atstake.com/research/advisories/2001/a122001-1.txtPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/700575US Government Resource
- http://www.securityfocus.com/bid/3733PatchVendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2001-0542?
CVE-2001-0542 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NO...
How severe is CVE-2001-0542?
CVE-2001-0542 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0542?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sql Server.